Description
Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression.
Affected products
- Mozilla / mozilla0.9.6 – 0.9.6
- Mozilla / mozilla0.9.7 – 0.9.7
- Mozilla / mozilla0.9.8 – 0.9.8
- Mozilla / mozilla0.9.9 – 0.9.9
- Mozilla / mozilla1.0 – 1.0
- Mozilla / mozilla1.0.1 – 1.0.1
- Mozilla / mozilla1.1 – 1.1
- netscape / navigator6.2 – 6.2
- netscape / navigator6.2.1 – 6.2.1
- netscape / navigator6.2.2 – 6.2.2
- netscape / navigator6.2.3 – 6.2.3
- netscape / navigator7.0 – 7.0
References
- MAILING_LISThttp://marc.info/?l=bugtraq&m=103730181813075&w=2
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/10636
- MISChttp://www.securityfocus.com/bid/6185
- MISChttp://bugzilla.mozilla.org/show_bug.cgi?id=157646
- MISChttp://www.redhat.com/support/errata/RHSA-2003-163.html
- MISChttp://www.redhat.com/support/errata/RHSA-2003-162.html